Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 02:36
Static task: static1
Behavioral task: behavioral1
  Sample: 69776ed706fb49d66e59cab6db4f392c_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 69776ed706fb49d66e59cab6db4f392c_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 69776ed706fb49d66e59cab6db4f392c_JaffaCakes118.html
Size: 50KB
MD5: 69776ed706fb49d66e59cab6db4f392c
SHA1: c81e25f7af3c40abc00ccacbddc2afb1a41a8ee9
SHA256: 5ef11c074b0445e8bce547b9342f6c30440ebd5aae1277603391229edf8c8acb
SHA512: 4e59da19f6d3e3b6399d5c12897d9aece7cf8311a0649440403c6ca1d8ea0db257691a7eeca109e90d100163d32d0c2ab768d3900818b2d50f79855e2987edc1
SSDEEP: 1536:3lJ/KTptwxQeP1panQwLIljIPYX5VR+DfJyKsPQImEe8lVdnb3tSqBn:33/KTptwxQY1panQwLIlWYR+DfJyKsPZ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
624 | msedge.exe
5068 | msedge.exe
596 | identity_helper.exe
5388 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes: msedge.exe
pid | process
5068 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
5068 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
5068 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 5068 wrote to memory of 2200 | 5068 | msedge.exe | msedge.exe
PID 5068 wrote to memory of 816 | 5068 | msedge.exe | msedge.exe
PID 5068 wrote to memory of 624 | 5068 | msedge.exe | msedge.exe
PID 5068 wrote to memory of 1544 | 5068 | msedge.exe | msedge.exe
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69776ed706fb49d66e59cab6db4f392c_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4878991783165596135,6079401839156692931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads